Direct Attestation Conveyance Verification with Feitian Keys = Invalid cert path #29572
Open
1 of 2 tasks
Labels
area/authentication/webauthn
help wanted
kind/bug
Categorizes a PR related to a bug
priority/normal
status/auto-bump
status/auto-expire
team/core-clients
Before reporting an issue
Area
authentication/webauthn
Describe the bug
We have Direct Attestation Conveyance Verification working for registration of Yubikey 5 Keys by:
We are now trying to do the same for Feitian FIDO2 Keys but registration results in an 'Invalid cert path' error.
Notably the Yubikey and Feitian root CAs are signed differently:
Version
24.0.4
Regression
Expected behavior
Yubikey registration results in the following logs:
Actual behavior
Feitian registration shows a 'Invalid cert path' error and the related logs are below:
How to Reproduce?
The Feitian root CA is below:
Here is the Yubikey root CA:
Anything else?
Changing the Signature algorithms has no effect on the error.
The text was updated successfully, but these errors were encountered: